Security blogs

A better way to address passwords

We all have a multitude of local and online accounts that require username and passwords. We all hate passwords. Either you can’t remember them, or you re-use the same one over and over to avoid forgetting it. Perhaps, you use your last password and add a number at the end.

Trying to come up with new passwords is a never-ending battle against human memory versus the potential for someone to guess the one you have. So how do you create secure passwords for all of your accounts, and remember them?

There are a few ways I have personally found helpful, and I’ve rated each by using the tools found at https://howsecureismypassword.net/ which you should also use to test out your own passwords!

Why should I worry about my passwords?

A strong password has to meet the following requirements:

Contains a minimum of 8 alphanumeric characters

Contains both upper- and lower-case letters

Contains at least one numeric value (0-9)

Contains at least one special character (!$%^&*()_+|~-=\'{}[]:”;'<>?,/@#.)

Going by the above guidelines, a password with 8 characters would have trillions of combinations of alpha, numeric, and special characters. This makes the recommended password guidelines good to set a strong password.

Remembering a complex password is one hard task for us humans. Sometimes, we end up writing down the password somewhere that is prone to theft. But usually, we choose simple combinations that we can easily remember or relate to. And this makes it easy for hacking tools and algorithms to predict and crack the password.

For example, a password like P@ssW0rd123! may look strong given that it follows the above password guidelines. Most people tend to use the same technique when crafting their passwords. The above sample password results in strings of characters and numbers that hackers can easily predict. They can use algorithms that specifically target those weaknesses. And hackers have specific dictionaries for most used passwords. While this password may look secure, it is unsafe. Instead of a password, you can use a core passphrase.

What is a core passphrase?

A passphrase is a sequence of words that is similar to a password in usage but is generally longer for added security. Taking a decent substitution method, allows you to have a core password, based upon a passphrase, to use inside your passwords.

The length of the passphrase makes brute force attacks entirely impractical. A well-chosen passphrase cannot be found in any phrase or quote dictionary making dictionary attacks almost impossible. A passphrase makes it easy for humans to remember and difficult for the hacking algorithms to crack.

How to choose a core passphrase?

You can structure the passphrase to be more easily memorable. For example, a passphrase like “the quick brown fox jumps over the lazy dogs back” is a good starting place. Make up your own unique passphrase that you can remember but doesn’t make sense to anyone else.

Next you need to undertake a substitution coding method that you will use to make it difficult to be cracked.

Maybe pick the first letter of each word.

The quick brown fox jumps over the lazy dogs back = tqbfjotldb

Your substitution method might be

T = + Q = 9 B =6 F = F J = j 0 = Zero T = t L = ! D = ) B = 8

Or any substitution method that works for you.

“+96Fj0t!)8” is now your core password.

It’s easy to remember as when you want to remember it, just remember your phrase and it is not a complex password that you would need to write down somewhere.

Now comes the trick. Every site you log into, you can use this as the core of your password.

E.G. If you are logging into your FaceBook site, add facebook to the core passphrase using your substitution method.

Hacking algorithms would take centuries to crack this sample passphrase.

How does Layer 8 Security calculate the password strength?

Layer 8 Security uses the password strength estimator to calculate the strength of your passphrase. Measuring the password strength protects the password from brute-force attacks and makes it impossible for password hackers to guess and crack the password.